SOA policy engine framework

ABSTRACT

Methods, including service methods, articles of manufacture, systems, articles and programmable devices provide a policy engine framework. A consumer policy request for a web service is mediated through a functional web service or a policy web service. A single unified method call is made to policy adapters in response to the mediated customer request, each of the policy adapters in communication with a policy server. The policy adapters transform the single unified method call into formats acceptable by each associated policy server and place the transformed requests to the associated servers. Results from the policy servers are formatted by policy adapters and a policy is selected from a policy registry repository as a function of the formatted results and returned to a requesting consumer.

FIELD OF THE INVENTION

The present invention generally describes a policy engine framework within a service-oriented architecture.

BACKGROUND OF THE INVENTION

It is known for organizations to use service-oriented architecture (SOA) methods, systems and governance models to develop and deploy shareable and reusable services. However, problems arise as deploying multiple shareable and reusable services across an SOA enterprise generally requires web services and service buses to access multiple policies across many policy servers and multiple policy repositories. Business and technology teams are thus required to manage and work with different policy servers for effective communication, which generally requires developers to create interfaces for each different policy server. Prior art architecture solutions and structures may not effectively promote SOA services reuse, may be hard to govern, and may not be scalable.

SUMMARY OF THE INVENTION

Methods provide a policy engine framework. A consumer policy request for a web service is mediated through a functional web service or a policy web service. A single unified method call is made to policy adapters in response to the mediated customer request, each of the policy adapters in communication with a policy server. The policy adapters transform the single unified method call into formats acceptable by each associated policy server and place the transformed requests to the associated servers. Results from the policy servers are formatted by policy adapters and a policy is selected from a policy registry repository as a function of the formatted results and returned to a requesting consumer.

Articles of manufacture comprising a computer usable medium having a computer readable program in said medium are also provided. Such program code comprises instructions which, when executed on a computer system, cause the computer system to perform one or more method and/or process elements described above for providing a policy engine framework.

Systems, articles and programmable devices are also provided, configured for performing one or more method and/or process elements of the current invention for providing a policy engine framework. In one example, a policy broker engine is provided in communication with a service registry and with policy servers through policy adapters. A policy registry repository is also in communication with the policy broker engine, and an enterprise service bus mediator in communication with the policy broker engine and the service registry. The policy broker engine is configured to formulate a single unified method call to the policy adapters in response to a consumer request through the mediator. The policy adapters are configured to transform the received single unified method call into a format acceptable by each associated policy server, place the transformed requests to the associated policy servers and format results from the policy servers back to the policy broker engine. The mediator is further configured to return a policy selected from the policy registry repository as a function of the formatted result to a requesting consumer.

Service methods are also provided comprising deploying programmable devices, logic components or applications for providing a policy engine framework according to the method steps described above, for example by a service provider who offers to implement, deploy, and/or perform functions for others.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features of the methods, systems and devices according to the present application will be more readily understood from the following detailed description of the various aspects of the embodiments taken in conjunction with the accompanying drawings in which:

FIG. 1 is a block diagram illustration of a policy engine framework according to the present invention.

FIG. 2 illustrates a policy engine framework according to the present invention.

FIG. 3 is a block diagram of a system or device configured to provide a policy engine framework according to the present invention.

FIG. 4 is a block diagram illustrating a computerized implementation of a policy engine framework according to the present invention.

The drawings are not necessarily to scale. The drawings are merely schematic representations, not intended to portray specific parameters of the invention. The drawings are intended to depict only typical embodiments of the invention, and therefore should not be considered as limiting the scope of the invention. In the drawings, like numbering represents like elements.

DETAILED DESCRIPTION OF THE INVENTION

For convenience the Detailed Description of the Invention has the following sections:

I. General Description; and

II. Computerized Implementation.

I. General Description

SOA governance may be understood to encompass an entire organization involved in a transformation and should require participation by multiple stakeholders in definition and realization. A well-defined governance framework and underlying model helps to drive effective change across an enterprise, and may be a key to success irrespective of an entry point chosen by an enterprise for an SOA transformation. Additionally, an effective SOA governance model may be realized by establishing a governance body comprising domain owners and stakeholders with delegated responsibility for decision making.

Problems may arise in prior art SOA governance structures through deploying multiple shareable and reusable services across an SOA enterprise when web services and Enterprise Service Buses (ESBs) are required to access multiple policies across many policy servers and multiple policy repositories. Requiring business and technology teams to manage and work with different policy servers for effective communication in prior art SOA structures generally entails requiring developers to create interfaces for each different policy server, which deters effective promotion of SOA services reuse, and may result in hard-to-govern and non-scalable SOA structures.

More particularly, a prior art SOA enterprise is hard to govern if services have to span multiple policy servers to formulate a call flow. If one of a plurality of policy servers is sunset or updated, this change may not be reflected to all the services that use the given policy server, which creates policy problems for a service, including causing the service to fail to function after a policy upgrade. A policy server may also be sun-setted without understanding the implications of sun-setting the policy server. Although the prior art offers general teachings on handling authentication and authorization through Lightweight Directory Access Protocol (LDAP) and persistent data storage means (for example a database), no compelling prior art method, system or framework provides effective management of communications across multiple policy servers.

FIG. 1 illustrates a method or process for providing a service-oriented architecture policy engine framework 10 according to the present invention. At 12 a consumer policy request for a web service is mediated through a functional web service and/or a policy web service. At 14 a single unified method call is made to each of a plurality of policy adapters in response to the mediated customer request, each of the plurality of policy adapters in communication with one each of a plurality of policy servers. At 16 each of the called policy adapters transforms the single unified method call into a format acceptable by an associated policy server and places the transformed request to the associated policy server. At 18 at least one of the called policy adapters formats a result back from an associated policy server, and at 20 a policy is returned from a policy registry repository to a requesting consumer as a function of the formatted result.

FIG. 2 illustrates a policy engine framework 100 according to the present invention. A policy broker engine 102 functions as a core component of the overall policy engine framework 100. Both design time and run-time aspects are represented in the overall framework 100. The realization of the framework 100 may be based on a variety of different approaches, and illustrative but not exhaustive examples include separate design time and run-time modules and a single comprehensive implementation of the policy broker engine 102, wherein design time modules may enable authoring, verification and validation of policies for any given scenario.

The policy broker engine 102 communicates with other relevant systems including existing policy servers 104 (in some embodiments through policy adapters 105) and service registries 106 to enable effective authoring of policies. At run-time policy consumers or systems 120 interact with the policy broker engine 102 for access to the relevant policies. An LDAP server 110 provides for improved throughput by storing policy reference keys in an associated LDAP repository 124 that increase the speed of policy lookups, providing access to key lookups 112 from an enterprise service bus (ESB) mediator 114 for policies generated at design time for each approved policy. In one aspect, lookup keys are leveraged for indexed access to policies at run-time. It will be appreciated by one skilled in the art that in some embodiments other lightweight mechanism means for authentication and authorization may be used in the place of the LDAP server 110, and the present invention is not limited to the embodiment illustrated in FIG. 1 and discussed herein.

The ESB mediator 114 acts on behalf of consumer/systems 120 to make requests to the policy broker engine 102. When the policy broker engine 102 returns a complex flow-based policy in the policy registry and repository 122 it is the responsibility of the ESB mediator 114 to complete that flow. The ESB mediator 114 is also used to cache policies and register lookups to increase the speed at which policies and service lookups are returned.

ESB mediator 114 policy agents 116 and web services 118 are leveraged for access to the engine during both design time and run time. More particularly, the framework 100 comprises policy agents 116 interacting with the policy broker engine 102 and which may be distributed across the framework 100 eco-system, in one aspect providing for both a small foot-print and seamless access to all the capabilities of the policy framework 100 environment. Policy agents 116a within the ESB mediator 114 may help to mediate policy consumer system 120a requests for web services through a functional web service component 108 and policy consumer system 120b requests for web services through a policy web service component 118. Policy agents 116c within a policy consumer system 120c may also intercept requests for web services and route them to the policy broker engine 102 through the ESB mediator 114, wherein the ESB mediator 114 may return a whole result back to a consumer via the policy agent 116b; in one aspect this may occur when the ESB mediator 114 makes calls to composite services that may rely on policies that create different results depending on which policy is enforced.

The policy broker engine 102 acts as an interface to legacy policy servers 104, enterprise policy repositories 125, the policy registry repository 122 and other policy repositories 126, formulating calls to one policy service via a unified method (for example, through an extensible markup language (XML) call) while actually making multiple calls to different policy servers 104 on behalf of a consumer/system 120. Thus the present framework 100 provides users an interface to multiple policy servers (including an LDAP or database) by coding to a specification defined in the policy broker engine 102, allowing an enterprise to leverage all of its policy servers 104 via a unified interface.

Moreover, not only does the policy broker engine 102 handle authentication and authorization, it may also define workflows and business rules via the policy registry repository 122. The policy registry repository 122 acts as a rules engine for policies and services. One function of the policy registry repository 122 is to define rules and call flows for the policy broker engine 102 that the ESB mediator 114 may use during a service call: this means that a policy workflow may consist of multiple service calls that may vary from user 120 to user 120 or group 120 to group 120.

In one aspect, policy information and service information stored in the policy registry repository 122 and the service registry(ies) 106 are synchronized. Thus, when a service is updated or deleted, the service registry 106 confirms that the policy is modified or a warning ascent is communicated to a requester for a delete; if a user continues with a delete process then the delete removes both the policy and the service from the policy registry repository 122 and from the service registry(ies) 106. The LDAP server 110 also receives data 113 with respect to the updates, revisions, etc., and uses said update data 113 to update look-up key data in the LDAP repository 124.

Even though a request for a policy may be made via a unified interface to the policy broker 102, each policy server 104 may require its own policy adapter 105 that transforms a policy request to the policy broker engine 102 into a format acceptable by each policy server 104: thus it is the job of the policy adapter 105 to transform a request, place a request to the respective policy server 104 and format a result back to the policy broker engine 102.
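The adapter flow described above (one unified XML call, a per-server transformation, results formatted back to the broker, a policy selected from the registry), as an added Python example that is not code from the patent. The XML element and attribute names, the two stub policy servers, the registry contents, and the rule that every server must permit and that an adapter error counts as a deny are all assumptions made for illustration.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET
from dataclasses import dataclass

FIELDS = ("subject", "group", "service")   # assumed attributes of the unified call
UNIFIED_CALL = '<policyRequest subject="alice" group="adjusters" service="ClaimLookup"/>'  # constructed
POLICY_REGISTRY = {"ClaimLookup": "flow:authenticate>authorize>ClaimLookup"}  # constructed
DENY = "deny"

@dataclass(frozen=True)
class Result:
    """Common shape every adapter formats its server's answer into."""
    server: str
    permitted: bool

def parse_unified(xml_text):
    # Untrusted XML should go through a hardened parser (e.g. defusedxml) in production.
    root = ET.fromstring(xml_text)
    if root.tag != "policyRequest" or any(k not in root.attrib for k in FIELDS):
        raise ValueError("malformed policy request")
    return {k: root.attrib[k] for k in FIELDS}

def ldap_escape(value):
    """Escape LDAP filter metacharacters (RFC 4515) so values stay literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class DirectoryStub:
    """Stand-in for an LDAP-style policy server; entries are constructed."""
    entries = [{"uid": "alice", "memberOf": "adjusters", "service": "ClaimLookup"}]

    def search(self, flt):
        terms = re.findall(r"\((\w+)=([^()]*)\)", flt)

        def match(entry):
            for attr, raw in terms:
                if raw == "*":                       # unescaped '*' is a presence test
                    if attr not in entry:
                        return False
                    continue
                val = re.sub(r"\\([0-9a-f]{2})",
                             lambda m: chr(int(m.group(1), 16)), raw)
                if entry.get(attr) != val:
                    return False
            return True

        return [e for e in self.entries if terms and match(e)]

class LdapAdapter:
    name = "ldap-policy-server"

    def __init__(self, server):
        self.server = server

    def transform(self, req):
        # Unified call -> search filter, every consumer-supplied value escaped.
        return "(&(uid=%s)(memberOf=%s)(service=%s))" % tuple(
            ldap_escape(req[k]) for k in FIELDS)

    def call(self, req):
        return Result(self.name, bool(self.server.search(self.transform(req))))

class SqlAdapter:
    name = "db-policy-server"

    def __init__(self, conn):
        self.conn = conn

    def transform(self, req):
        # Unified call -> parameterized query; values never enter the SQL text.
        return ("SELECT effect FROM grants WHERE grp = ? AND service = ?",
                (req["group"], req["service"]))

    def call(self, req):
        sql, params = self.transform(req)
        row = self.conn.execute(sql, params).fetchone()
        return Result(self.name, row is not None and row[0] == "permit")

def build_adapters():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE grants (grp TEXT, service TEXT, effect TEXT)")
    conn.execute("INSERT INTO grants VALUES ('adjusters', 'ClaimLookup', 'permit')")
    return [LdapAdapter(DirectoryStub()), SqlAdapter(conn)]

def broker(xml_text, adapters):
    """Fan one unified call out to all adapters, then select a policy."""
    try:
        req = parse_unified(xml_text)
    except (ValueError, ET.ParseError):
        return DENY, []
    results = []
    for adapter in adapters:
        try:
            results.append(adapter.call(req))
        except Exception:
            results.append(Result(adapter.name, False))   # adapter failure = deny
    permitted = bool(results) and all(r.permitted for r in results)
    policy = POLICY_REGISTRY.get(req["service"], DENY) if permitted else DENY
    return policy, results

if __name__ == "__main__":
    print(broker(UNIFIED_CALL, build_adapters()))
```

Because the broker forwards consumer-supplied values to every backend, each adapter's transformation is where filter and query injection has to be prevented; the per-adapter results returned alongside the policy show which server refused.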

A policy authoring agent 116c is also provided, in some embodiments within another authoring system or administration console 130. The policy authoring agent 116c is responsible for creating new policies, editing policies, and deleting policies from the framework 100. The ESB mediator 114 controls access to policies and services by acting as a central point for the policy authoring agent 116c to create policies. More particularly, a policy created via the policy authoring agent 116c can affect multiple components in the framework 100, illustratively including the service registry(ies) 106, communication with policy authors 132 through visual interactive policy authoring systems 134 and communication with policy broker administrators 136 through visual interactive policy administration consoles 140. A policy itself may be considered a business role that ties services together via their group or user permissions, and a policy authoring agent 116c according to the present invention is able to see what services are available via the services registry 106, what groups and users are available, and what actions may be performed that are already defined in the policy registry repository 122.

The policy engine framework 100 may be leveraged in organizations of all sizes, in one aspect because of the flexibility of the overall framework 100 environment. The framework 100 can be implemented as a comprehensive runtime solution or as a module of a larger application server environment. In addition, policy design tooling through the framework 100 may be implemented either as a stand-alone solution or part of a comprehensive tooling portfolio. Run-time management and administrative components may also be implemented as part of both business and technology dashboards/consoles (for example, as part of a visual interactive policy administration console 140), or as unique instances meeting specific audience requirements. Moreover, the framework 100 may also be adapted to other, different solution environments in addition to SOA, and may be integrated as part of a comprehensive ecosystem as one component of an overall solution addressing requirements of policy management.

The present invention provides an approach to identify and communicate with the right policy server 104, allowing end-users to communicate with multiple policy servers 104 within the scope of a request without having to communicate with every server 104 separately. In addition this also eliminates the requirement to understand how many such policy servers 104 are within the scope of an enterprise, as this data accumulates in the framework 100 components. Thus, a developer may communicate with multiple policy servers 104 within a call flow without needing to create a custom interface for each policy server 104 that is to be leveraged.

In another aspect, the present invention provides for the de-coupling of a service requestor, service provider and the rest of the infrastructure by abstracting service meta-data through the service registry 106. Extended flexibility is also provided by allowing the ESB mediator 114 or any other service integration infrastructure component to perform core routing and mediating functionality with the help of service metadata and corresponding policy information. The speed of request processing is also increased by the use of the policy broker engine 102 via policy key lookup methodology in the LDAP 110 infrastructure.

In another aspect, the framework 100 provides a mechanism for creating policy-based call flows. A policy broker administrator 136 may query the policy broker engine 102 through a visual interactive policy administration console 140 to determine what call flows and services are using a policy server 104. This centralized view provides the administrator 136 with an on-going snap-shot of usage patterns and interactions, in one aspect similar to providing a call detail record of a telecom infrastructure, enabling effective management of the policy environment. By providing a central mechanism framework 100 for authoring new policies that span multiple policy servers the present invention also eliminates redundancies and duplication. Additionally, the present invention provides a uniform way of requesting policies from other policy servers 104 by creating a standard interface for communicating to the policy broker engine 102 and transforming calls from the policy broker engine 102 into a proper format of an external policy server 104.

FIG. 3 illustrates a programmable device or module 200 configured to provide a policy engine framework according to the present invention, for example as illustrated in FIGS. 1 and 2 and described above. The device 200 may be incorporated into a larger system (such as one provided by a service provider) wherein other applications and components of the larger system accomplish systems and methods according to the present invention, or it may be a stand-alone device or module 200 configured to perform each of the systems and methods described above. The present embodiment thus comprises a central processing unit (CPU) or other processing means 201 in communication with a memory 203 comprising logic components that enable the CPU 201 to perform processes and methods according to the present application, as will be understood through reference to FIGS. 1 and 2 as discussed above. Thus, the memory 203 comprises a policy broker engine 102 logic component configured to communicate with other policy servers through policy adapters and service registries to enable effective authoring of policies; a policy registry repository 122 logic component configured to act as a rules engine for policies and services; an ESB mediator 114 logic component configured to act on behalf of consumer/systems to make requests to the policy broker engine 102; and a policy agent 116 logic component configured to interact with the policy broker engine 102.

A power source 205 is configured to provide operative power to the device 200; examples include battery units 205 and power inputs configured to receive alternating or direct current electrical power, and other appropriate power units 205 will be apparent to one skilled in the art. A communication port or network link/node means (“com port”) 207 is also provided and configured to enable data and other communications as may be appropriate, for example as discussed above.

II. Computerized Implementation

Referring now to FIG. 4, an exemplary computerized implementation of a business services portfolio-centric SOA governance framework according to the present invention includes a computer system 304 deployed within a computer infrastructure 308 such as a computer or a programmable device such as a personal digital assistant (PDA) or cellular phone. This is intended to demonstrate, among other things, that the present invention could be implemented within a network environment 340 (e.g., the Internet, a wide area network (WAN), a local area network (LAN), a virtual private network (VPN), etc.) in communication with one or more additional computers 336, or on a stand-alone computer infrastructure 308. In the case of the former, communication throughout the network 340 can occur via any combination of various types of communication links. For example, the communication links can comprise addressable connections that may utilize any combination of wired and/or wireless transmission methods. Where communications occur via the Internet, connectivity could be provided by conventional TCP/IP sockets-based protocol, and an Internet service provider could be used to establish connectivity to the Internet.

As shown, the computer system 304 includes a central processing unit (CPU) 312, a memory 316, a bus 320, and input/output (I/O) interfaces 324. Further, the computer system 304 is shown in communication with external I/O devices/resources 328 and storage systems 332. In general, the processing unit 312 executes computer program code, such as the code to implement various components of the process and systems, and devices as illustrated in FIGS. 1 through 3 and described above, including the policy broker engine 102 logic component, the policy registry repository 122 logic component, the ESB mediator 114 logic component and the policy agent 116 logic component, and which are stored in memory 316 and/or storage system 332. It is to be appreciated that two or more, including all, of these components may be implemented as a single component.

While executing computer program code, the processing unit 312 can read and/or write data to/from the memory 316, the storage system 332 (e.g. the, and/or the I/O interfaces 324. The bus 320 provides a communication link between each of the components in computer system 304. The external devices 328 can comprise any devices (e.g., keyboards, pointing devices, displays, etc.) that enable a user to interact with computer system 304 and/or any devices (e.g., network card, modem, etc.) that enable computer system 304 to communicate with one or more other computing devices.

The computer infrastructure 308 is only illustrative of various types of computer infrastructures for implementing the invention. For example, in one embodiment, computer infrastructure 308 comprises two or more computing devices (e.g., a server cluster) that communicate over a network to perform the various process steps of the invention. Moreover, computer system 304 is only representative of various possible computer systems that can include numerous combinations of hardware.

To this extent, in other embodiments, the computer system 304 can comprise any specific purpose-computing article of manufacture comprising hardware and/or computer program code for performing specific functions, any computing article of manufacture that comprises a combination of specific purpose and general-purpose hardware/software, or the like. In each case, the program code and hardware can be created using standard programming and engineering techniques, respectively. Moreover, the processing unit 312 may comprise a single processing unit, or be distributed across one or more processing units in one or more locations, e.g., on a client and server. Similarly, the memory 316 and/or the storage system 332 can comprise any combination of various types of data storage and/or transmission media that reside at one or more physical locations.

Further, I/O interfaces 324 can comprise any system for exchanging information with one or more of the external devices 328. Still further, it is understood that one or more additional components (e.g., system software, math co-processing unit, etc.) not shown in FIG. 4 can be included in computer system 304. However, if computer system 304 comprises a handheld device or the like, it is understood that one or more of the external devices 328 (e.g., a display) and/or the storage system 332 could be contained within computer system 304, not externally as shown.

The storage system 332 can be any type of system (e.g., a database) capable of providing storage for information under the present invention. To this extent, the storage system 332 could include one or more storage devices, such as a magnetic disk drive or an optical disk drive. In another embodiment, the storage system 332 includes data distributed across, for example, a local area network (LAN), wide area network (WAN) or a storage area network (SAN) (not shown). In addition, although not shown, additional components, such as cache memory, communication systems, system software, etc., may be incorporated into computer system 304.

While shown and described herein as a method and a system, it is understood that the invention further provides various alternative embodiments. For example, in one embodiment, the invention provides a computer-readable/useable medium that includes computer program code to enable a computer infrastructure to implement methods, systems and devices according to the present application, for example as illustrated in FIGS. 1 through 4 described above and otherwise herein. To this extent, the computer-readable/useable medium includes program code that implements each of the various process steps of the present application.

It is understood that the terms computer-readable medium or computer useable medium comprise one or more of any type of physical embodiment of the program code. In particular, the computer-readable/useable medium can comprise program code embodied on one or more portable storage articles of manufacture (e.g., a compact disc, a magnetic disk, a tape, etc.), on one or more data storage portions of a computing device, such as the memory 316 and/or the storage system 332 (e.g., a fixed disk, a read-only memory, a random access memory, a cache memory, etc.), and/or as a data signal (e.g., a propagated signal) traveling over a network (e.g., during a wired/wireless electronic distribution of the program code).

Still yet, computer infrastructure 308 is intended to demonstrate that some or all of the components of implementation according to the present application could be deployed, managed, serviced, etc. by a service provider who offers to implement, deploy, and/or perform the functions of the present invention for others, for example by licensing methods and browser or application server technology to an internet service provider (ISP) or a cellular telephone provider. In one embodiment, the invention may comprise a business method that performs the process steps of the invention on a subscription, advertising, and/or fee basis. Thus, a service provider can create, maintain, support, etc., a computer infrastructure, such as the computer infrastructure 308 that performs the process steps of the present application for one or more customers, and in return the service provider can receive payment from the customer(s) under a subscription and/or fee agreement and/or the service provider can receive payment from the sale of advertising content to one or more third parties.

In still another embodiment, the invention provides a computer-implemented method for enabling the processes, methods and devices according to the present application. In this case, a computer infrastructure, such as computer infrastructure 308, can be provided and one or more systems for performing the process steps of the invention can be obtained (e.g., created, purchased, used, modified, etc.) and deployed to the computer infrastructure. To this extent, the deployment of a system can comprise one or more of: (1) installing program code on a computing device, such as computer system 304, from a computer-readable medium; (2) adding one or more computing devices to the computer infrastructure; and (3) incorporating and/or modifying one or more existing systems of the computer infrastructure to enable the computer infrastructure to perform the process steps of the invention.

As used herein, it is understood that the terms “program code” and “computer program code” are synonymous and mean any expression, in any language, code or notation, of a set of instructions intended to cause a computing device having an information processing capability to perform a particular function either directly or after either or both of the following: (a) conversion to another language, code or notation; and/or (b) reproduction in a different material form. To this extent, program code can be embodied as one or more of: an application/software program, component software/a library of functions, an operating system, a basic I/O system/driver for a particular computing and/or I/O device, and the like. Computer readable media can be any available media that can be accessed by a computer. By way of example, and not limitation, computer readable media may comprise “computer storage media” and “communications media.”

“Computer storage media” include volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules, or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.

“Communication media” typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as carrier wave or other transport mechanism. Communication media also includes any information delivery media.

The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared, and other wireless media. Combinations of any of the above are also included within the scope of computer readable media.

Certain examples and elements described in the present specification, including in the claims and as illustrated in the Figures, may be distinguished or otherwise identified from others by unique adjectives (e.g. a “first” element distinguished from another “second” or “third” of a plurality of elements, a “primary” distinguished from a “secondary,” one or “another” item, etc.) Such identifying adjectives are generally used to reduce confusion or uncertainty, and are not to be construed to limit the claims to any specific illustrated element or embodiment, or to imply any precedence, ordering or ranking of any claim elements, limitations or process steps.

The foregoing description of various aspects of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed, and obviously, many modifications and variations are possible. Such modifications and variations that may be apparent to a person skilled in the art are intended to be included within the scope of the invention as defined by the accompanying claims.

1. A method for providing a policy engine framework, comprising: mediating a consumer policy request for a web service through at least one of a functional web service and a policy web service; making a single unified method call to each of a plurality of policy adapters in response to the mediated customer request, each of the plurality of policy adapters in communication with one each of a plurality of different policy servers; each of the called policy adapters performing a run-time key look-up via an enterprise service bus mediator of policy reference keys stored in a lightweight data access protocol server repository for an approved policy generated at design time for an associated policy server, transforming the single unified method call into a format acceptable by the approved policy of the associated policy server, and placing the transformed request to the associated policy server; any at least one of the called policy adapters formatting a result back from an associated one of the associated policy servers; selecting a complex flow-based policy from a policy registry repository as a function of the formatted result; completing the selected complex flow-based policy by defining a workflow and a business rule that the enterprise service bus mediator may use during a service call as a function of data in the policy registry repository; and returning the completed selected complex flow-based policy to a requesting consumer.
2. The method of claim 1, further comprising: mediating the consumer request through at least one of a functional web service and a policy web service.
3. The method of claim 2, further comprising: making a plurality of calls to a plurality of composite services, wherein the composite services create a plurality of different results as a function of an enforcement policy.
4. The method of claim 2, wherein the unified method call is an extensible markup language call.
5. The method of claim 2, further comprising: synchronizing the complex flow-based policy within the policy registry repository to a service stored within a service registry; confirming that the complex flow-based policy is modified or communicating a warning ascent in response to a modification of the synchronized service stored within the service registry; and if a warned user continues with a delete process, removing the complex flow-based policy from the policy registry repository and removing the synchronized service from the service registry.
6. A method for providing a policy engine framework, comprising: providing computer executable program code stored on a computer readable storage device to be deployed and executed on a computer system, the program code comprising instructions which, when executed on the computer system, cause the computer system to: make a single unified method call to each of a plurality of policy adapters in response to a mediated customer request, each of the plurality of policy adapters associated with one each of a plurality of different policy servers in response to a customer request; perform a run-time key look-up via the called policy adapters of policy reference keys stored in a lightweight data access protocol server repository for approved policies generated at design time for their associated policy servers; transform the single unified method call into each of a plurality of formats, each of the plurality of formats acceptable by a one of the approved policies generated at design time of an associated one of the policy servers, and place the transformed request to each of the servers in the formats acceptable to the placed servers; format a result back from any at least one of the policy servers; select a complex flow-based policy from a policy registry repository as a function of the formatted result; complete the selected complex flow-based policy by defining a workflow and a business rule that the enterprise service bus mediator may use during a service call as a function of data in the policy registry repository; and return the completed selected complex flow-based policy to a requesting consumer.
7. The method of claim 6, the program code comprising instructions which, when executed on the computer system, causes the computer system to mediate the consumer request through at least one of a functional web service and a policy web service.
8. The method of claim 7, the program code comprising instructions which, when executed on the computer system, causes the computer system to make the unified method call in an extensible markup language call.
9. The method of claim 8, the program code comprising instructions which, when executed on the computer system, causes the computer system to: synchronize the complex flow-based policy within the policy registry repository to a service stored within a service registry; confirm that the complex flow-based policy is modified or communicate a warning ascent in response to a modification of the synchronized service stored within the service registry; and if a warned user continues with a delete process, remove the complex flow-based policy from the policy registry repository and remove the synchronized service from the service registry.
10. A policy engine framework, comprising: a policy broker engine in communication with a plurality of different policy servers through each of a plurality of policy adapters, the policy broker further in communication with a service registry; a policy registry repository in communication with the policy broker engine; and an enterprise service bus mediator in communication with the policy broker engine and the service registry; wherein the policy broker engine, in response to a consumer request through the enterprise service bus mediator, formulates a single unified method call to each of the policy adapters; wherein each of the called policy adapters: perform a run-time key look-up via an enterprise service bus mediator of policy reference keys stored in a lightweight data access protocol server repository for an approved policy generated at design time for an associated policy server; transform the single unified method call into a format acceptable by the approved policy of an associated one of the policy servers; place the transformed request to the associated policy server; and format a result from any at least one of the associated policy servers back to the policy broker engine; and wherein the enterprise service bus mediator: selects a complex flow-based policy from the policy registry repository as a function of the formatted result; completes the selected complex flow-based policy by defining a workflow and a business rule for use during a service call as a function of data in the policy registry repository; and returns the completed selected complex flow-based policy to a requesting consumer.
11. The framework of claim 10, further comprising: a policy agent in communication with the policy broker engine, the mediator and with a web service; wherein the policy agent is configured to mediate the consumer request through at least one of a functional web service and a policy web service.
12. The framework of claim 11, wherein the policy agent is a plurality of policy agents distributed within each of the mediator, a policy consumer system, and an authoring console.
13. The framework of claim 10 wherein at least one of the policy broker engine, the policy registry repository, the enterprise service bus mediator and the plurality of policy adapters is deployed by a service provider.
14. The framework of claim 13, further comprising: a policy agent deployed by the service provider and in communication with the policy broker engine, the mediator and with a web service; wherein the policy agent is configured to mediate the consumer request through at least one of a functional web service and a policy web service.
15. The framework of claim 14, wherein the policy agent is a plurality of policy agents distributed by the service provider within each of the mediator, a policy consumer system, and an authoring console.
16. The framework of claim 15 wherein the policy broker engine further: synchronizes the complex flow-based policy within the policy registry repository to a service stored within a service registry; confirms that the complex flow-based policy is modified or communicates a warning ascent in response to a modification of the synchronized service stored within the service registry; and if a warned user continues with a delete process, removes the complex flow-based policy from the policy registry repository and removes the synchronized service from the service registry.